Implementing and Reasoning About Hash-consed Data Structures in Coq

Braibant, Thomas; Jourdan, Jacques-Henri; Monniaux, David

doi:10.1007/s10817-014-9306-0

Cited by 16 publications

(20 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In Verasco, we already obtained good speedups by preserving preexisting sharing between the arguments of join operations. Going further, we could re-share a posteriori using general hash-consing [10].…”

Section: Discussionmentioning

confidence: 99%

A Formally-Verified C Static Analyzer

et al. 2015

Self Cite

View full text Add to dashboard Cite

This paper reports on the design and soundness proof, using the Coq proof assistant, of Verasco, a static analyzer based on abstract interpretation for most of the ISO C 1999 language (excluding recursion and dynamic allocation). Verasco establishes the absence of run-time errors in the analyzed programs. It enjoys a modular architecture that supports the extensible combination of multiple abstract domains, both relational and non-relational. Verasco integrates with the CompCert formally-verified C compiler so that not only the soundness of the analysis results is guaranteed with mathematical certitude, but also the fact that these guarantees carry over to the compiled code.

show abstract

Section: Discussionmentioning

confidence: 99%

A Formally-Verified C Static Analyzer

et al. 2015

Self Cite

View full text Add to dashboard Cite

show abstract

“…We note that in contrast to the problems we have considered in this paper, existing pure languages can construct ROBDDs from scratch and manipulate them without exponential blowup, e.g. by either of the two pure approaches used by [Braibant et al 2014] to implement them in Gallina. The important distinction is that in existing pure languages, one can easily build ROBDDs from the bottom up using an explicit graph representation, whereas if you start with a term whose tree size is astronomically large, there is nothing you can do without the ability to compare memory addresses of subterms.…”

Section: Discussionmentioning

confidence: 99%

“…This process is ad-hoc and unsafe in general, as the system itself cannot discern pure extraction instructions from impure ones. For example, Braibant et al [2014] implement a naive BDD type in Gallina, extract it to an OCaml type that stores a unique identifier, extract the Gallina constructors to OCaml łsmartž constructors that make use of a hash-consing library to guarantee maximal sharing, and extract the structural equality test on their BDD type to OCaml's physical (i.e. pointer) equality test.…”

Section: Discussionmentioning

confidence: 99%

“…One of the main motivations of the present work is that there is no way to traverse this term in sub-exponential time using existing pure functional languages. There are ways to construct other kinds of entities from the bottom up that are isomorphic to this term in the presence of some additional state and that can be traversed efficiently, for example by either of the first two approaches described in [Braibant et al 2014]. However, in existing pure languages, there is no way to efficiently traverse a term of a standard inductive type like the one above.…”

Section: One-off Pointer Equality Testsmentioning

confidence: 99%

See 1 more Smart Citation

Sealing pointer-based optimizations behind pure functions

Selsam

Hudon

Moura

2020

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

Functional programming languages are particularly well-suited for building automated reasoning systems, since (among other reasons) a logical term is well modeled by an inductive type, traversing a term can be implemented generically as a higher-order combinator, and backtracking search is dramatically simplified by persistent datastructures. However, existing pure functional programming languages all suffer a major limitation in these domains: traversing a term requires time proportional to the tree size of the term as opposed to its graph size. This limitation would be particularly devastating when building automation for interactive theorem provers such as Lean and Coq, for which the exponential blowup of term-tree sizes has proved to be both common and difficult to prevent. All that is needed to recover the optimal scaling is the ability to perform simple operations on the memory addresses of terms, and yet allowing these operations to be used freely would clearly violate the basic premise of referential transparency. We show how to use dependent types to seal the necessary pointer-address manipulations behind pure functional interfaces while requiring only a negligible amount of additional trust. We have implemented our approach for the upcoming version (v4) of Lean, and our approach could be adopted by other languages based on dependent type theory as well. CCS Concepts: • Software and its engineering → Language features.

show abstract

“…To overcome both, we use an approach similar to the "smart constructor" approach advocated by Braibant et al [2014] for implementing verified reduced ordered binary decision diagrams in Coq.…”

Section: Cleanup Phasesmentioning

confidence: 99%

Simple, light, yet formally verified, global common subexpression elimination and loop-invariant code motion

Monniaux

Six

2021

Proceedings of the 22nd ACM SIGPLAN/SIGBED International Conference on Languages, Compilers, and Tools for Embedded Systems

Self Cite

View full text Add to dashboard Cite

We present an approach for implementing a formally certified loopinvariant code motion optimization by composing an unrolling pass and a formally certified yet efficient global subexpression elimination. This approach is lightweight: each pass comes with a simple and independent proof of correctness. Experiments show the approach significantly narrows the performance gap between the CompCert certified compiler and state-of-the-art optimizing compilers. Our static analysis employs an efficient yet verified hashed set structure, resulting in fast compilation.

show abstract

Implementing and Reasoning About Hash-consed Data Structures in Coq

Cited by 16 publications

References 15 publications

A Formally-Verified C Static Analyzer

A Formally-Verified C Static Analyzer

Sealing pointer-based optimizations behind pure functions

Simple, light, yet formally verified, global common subexpression elimination and loop-invariant code motion

Contact Info

Product

Resources

About